Hacking Russia was taboo. The Ukraine war made it a free-for-all. 2022-05-01 05:04:24



For more than a decade, cybersecurity experts in the United States have warned about Russian hacking that increasingly draws on the labor of financially motivated criminal gangs to achieve political goals, such as strategically leaking campaign emails.

The prolific ransomware groups of the past year and a half have shut down pandemic-strained hospitals, the Colonial Pipeline, a main fuel conduit for the US East Coast, and schools; published sensitive documents stolen from corporate victims; and, in one case, vowed to escalate attacks on US infrastructure if Russian technology were hobbled in retaliation for the invasion of Ukraine.

Yet the third month of the war finds Russia, not the United States, struggling with an unprecedented hacking wave that combines government activity, political volunteerism and criminal action.

Digital attackers have looted the country's personal financial data, defaced websites and handed decades of government emails to anti-secrecy activists abroad. A recent survey showed that more passwords and other sensitive data from Russia were dumped on the open web in March than from any other country.

The published documents include a cache from a regional office of the media regulator Roskomnadzor, which revealed the topics its analysts were most interested in on social media, including anti-militarization and drug legalization, and showed that the office was reporting to the FSB, which has been arresting some of those who complain about government policies.

A separate trove from VGTRK, the All-Russian State Television and Radio Broadcasting Company, exposed 20 years of the state-owned media conglomerate's emails and is "significant" in terms of expected impact, said a researcher at cybersecurity firm Recorded Future who spoke on the condition of anonymity to discuss his work in dangerous hacking circles.

The broadcaster's cache and some other notable spoils were acquired by a small hacktivist group called Network Battalion 65, formed when the war began to seem inevitable.

"Federal Government: Your lack of honor and blatant war crimes have earned you a special award," read one of the notes left on a victim's network. "This bank has been hacked and ransomwared, and sensitive data is quickly being dumped on the Internet."

In its first in-depth interview, the group told The Washington Post via encrypted chat that it receives no guidance or help from government officials in Ukraine or anywhere else.

"We pay for our own infrastructure and devote our time outside of jobs and family obligations to this," a spokesperson for the group said in English. "We ask for nothing in return. It is just the right thing to do."

Christopher Painter, the former top US diplomat for cyber issues, said a surge in such activity risks escalation and could interfere with covert government operations. But so far, it appears to be helping the United States achieve its goals in Russia.

"Are the goals worth it? Yes," Painter said. "It's an interesting trend that they are now the target of all of this."

Painter warned that Russia still has offensive capabilities, and US officials have urged organizations to prepare for an expected Russian cyberattack, probably to be unleashed at a moment of maximum impact.

But perhaps the most significant casualty of the wave of attacks has been the myth of Russian cyber supremacy, which for decades has helped scare hackers in other countries, as well as criminals within its own borders, away from targeting a country with such a massive operation, said Emma Best, co-founder of Distributed Denial of Secrets (DDoSecrets), which has vetted, published and distributed the regulator's files, among other things.

While many hackers want to inform the public about Russia's role in areas including propaganda and energy production, Best said a secondary motive after the invasion was the symbolic "harassment" of Putin and some oligarchs.

“He has developed the image of a strongman for decades, yet not only is he unable to stop the cyber attacks and leaks hitting his government and key industries, he is the one who caused them to happen.”

Volunteer hackers have received first-of-its-kind backing from the government of Ukraine, which has endorsed the effort and proposed targets through its IT Army channel on Telegram. Ukrainian government hackers are believed to be acting directly against other Russian targets, and officials have distributed compromised data including the names of troops and hundreds of FSB agents.

“There are government institutions in Ukraine that are interested in some of the data and are actively assisting some of these operations,” said an analyst at security firm Flashpoint, who spoke on condition of anonymity due to the sensitivity of his work.

Ordinary criminals with no ideological interest in the conflict have also gotten into the act, researchers said, taking advantage of overstretched security teams to make money as Russia's aura of invulnerability crumbles.

Last month, a quarterly survey of email addresses, passwords and other sensitive data posted on the open web found that more of the victims' accounts were likely Russian than from any other country. Russia topped the list for the first time, according to Lithuanian virtual private network and security firm Surfshark, which uses the underlying data to warn affected customers.

The number of apparently Russian credentials, such as those for email addresses ending in .ru, jumped in March to 50 percent of the global total, double the previous month's share and more than five times what was published in January.

"The US is first most of the time. India has sometimes been a real surprise," said Surfshark data researcher Agnieszka Sablovskaya.

The criminal trade can also turn political, and that has certainly happened with the war in Ukraine.

Soon after the invasion, Conti, one of the most vicious ransomware gangs, announced that it would rally to defend Russian interests in cyberspace.

The pledge backfired spectacularly, because, like many Russian-speaking criminal groups, Conti has members in Ukraine.

Then someone posted over 100,000 internal gang chat messages, and later the source code for its main program, making it easier for security software to detect and block its attacks.

Network Battalion 65 went further. It modified the leaked copy of Conti's code to evade the new detections, improved the encryption, and then used it to lock up files inside Russian government-linked companies.

"We decided it would be best to give Russia a taste of its own medicine. Conti is causing (and continues to cause) a lot of heartache and pain for companies around the world. Once Russia ends this stupidity in Ukraine, we will stop our attacks completely," the group said.

Meanwhile, Network Battalion 65 has demanded ransom payments even as it shames victims on Twitter for poor security. The group said it hasn't received any money yet but will donate anything it collects to Ukraine.

Network Battalion 65 obtained the state broadcaster's emails and other troves and handed them over to DDoSecrets, making it one of the site's main hacking suppliers, alongside a pro-Western group called AgainstTheWest and some who have adopted the brand of Anonymous, a larger, looser collective that has resurfaced recently and welcomes anyone.

In an April 3 interview with a researcher known as Dissent Doe, the leader of AgainstTheWest said the group formed in October and consists of six English-speaking hackers, all privately employed but with intelligence backgrounds.

The initial goal was to "steal state secrets, government software (in the form of source codes), private documents etc. However, we also had the idea that we should move against China for attacking the West in cyber espionage campaigns over the years," the hacker said.

After hitting targets in China, AgainstTheWest moved to those in North Korea, Iran and Russia.

The leader said the group does not work directly for any intelligence agency, but declined to say whether any were helping it. "We do our work in the hope that it will benefit Western intelligence. We share all private documents with anyone from the US/EU government."

The group has made other documents publicly available through DDoSecrets. Best said she received a single request from a US military account for access beyond what she had posted, but she turned it down.

Painter, a former official at the State Department and the Department of Justice, said he was concerned that some volunteer hackers might go a step too far and damage civilian infrastructure or provoke a major backlash, and cautioned that others could be masking other motives.

"In the normal course of events, you don't want to encourage vigilante hackers," Painter said. But then he conceded, "We are not in the normal course of events."